package org.springframework.boot.info;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.function.Function;
import org.springframework.boot.ssl.SslBundle;
import org.springframework.boot.ssl.SslBundles;
import org.springframework.util.ObjectUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-boot-3.4.3.jar:org/springframework/boot/info/SslInfo.class */
/**
 * Read-only view of the certificates held in the key stores of the configured
 * {@link SslBundles}, including a date-based validity assessment for each certificate.
 *
 * <p>Security notes for consumers:
 * <ul>
 * <li>Only the key store of each bundle is read; the trust store is not inspected by this
 * class.</li>
 * <li>"Validity" means the current time lies inside the certificate's notBefore/notAfter
 * window. No chain building, trust-anchor, revocation or host-name check is performed, so a
 * {@code VALID} status must not be read as "trusted".</li>
 * <li>A {@link KeyStoreException} while reading a store is swallowed and reported as an empty
 * list, which is indistinguishable from a store that has no entries. Expiry monitoring built
 * on this data should treat an unexpectedly empty bundle as a finding, not as "nothing to
 * report".</li>
 * <li>NOTE(review): aliases, subjects and issuers can describe internal PKI layout; confirm
 * that whatever publishes this object is access-controlled.</li>
 * </ul>
 */
public class SslInfo {
    private final SslBundles sslBundles;
    private final Duration certificateValidityWarningThreshold;

    /**
     * Certificate chains found in the key store of one named SSL bundle. The key store is
     * read once, when the instance is created.
     */
    public final class BundleInfo {
        private final String name;
        private final List<CertificateChainInfo> certificateChains;

        private BundleInfo(String bundleName, SslBundle bundle) {
            this.name = bundleName;
            this.certificateChains = extractCertificateChains(bundle.getStores().getKeyStore());
        }

        /**
         * Builds one {@link CertificateChainInfo} per alias in the given key store.
         *
         * @param keyStore the bundle's key store, may be {@code null}
         * @return the chains, or an empty list when there is no key store or its aliases
         * cannot be enumerated
         */
        private List<CertificateChainInfo> extractCertificateChains(KeyStore keyStore) {
            if (keyStore == null) {
                return Collections.emptyList();
            }
            try {
                List<String> aliases = Collections.list(keyStore.aliases());
                return aliases.stream().map(alias -> new CertificateChainInfo(keyStore, alias)).toList();
            } catch (KeyStoreException ex) {
                // Best effort: the failure is not propagated, so callers cannot tell it
                // apart from an empty key store.
                return Collections.emptyList();
            }
        }

        /**
         * Returns the bundle name this information was built for.
         *
         * @return the bundle name
         */
        public String getName() {
            return this.name;
        }

        /**
         * Returns the certificate chains of the bundle's key store, one per alias.
         *
         * @return an unmodifiable, possibly empty list
         */
        public List<CertificateChainInfo> getCertificateChains() {
            return this.certificateChains;
        }
    }

    /**
     * The certificate chain stored under a single key store alias.
     */
    public final class CertificateChainInfo {
        private final String alias;
        private final List<CertificateInfo> certificates;

        /**
         * Reads the chain stored under the given alias.
         *
         * @param keyStore the key store to read from
         * @param str the alias whose chain is read
         */
        CertificateChainInfo(KeyStore keyStore, String str) {
            this.alias = str;
            this.certificates = extractCertificates(keyStore, str);
        }

        /**
         * Wraps every certificate of the alias' chain in a {@link CertificateInfo}.
         *
         * @return the wrapped certificates in chain order, or an empty list when the alias has
         * no chain or the key store cannot be read
         */
        private List<CertificateInfo> extractCertificates(KeyStore keyStore, String entryAlias) {
            try {
                Certificate[] chain = keyStore.getCertificateChain(entryAlias);
                if (ObjectUtils.isEmpty(chain)) {
                    return Collections.emptyList();
                }
                return Arrays.stream(chain).map(CertificateInfo::new).toList();
            } catch (KeyStoreException ex) {
                // Same best-effort policy as for alias enumeration: report nothing.
                return Collections.emptyList();
            }
        }

        /**
         * Returns the key store alias of this chain.
         *
         * @return the alias
         */
        public String getAlias() {
            return this.alias;
        }

        /**
         * Returns the certificates of this chain.
         *
         * @return an unmodifiable, possibly empty list
         */
        public List<CertificateInfo> getCertificates() {
            return this.certificates;
        }
    }

    /**
     * Details of a single certificate. Only X.509 certificates are described; for any other
     * certificate type every getter, including {@link #getValidity()}, returns {@code null},
     * so consumers must not equate a {@code null} validity with a healthy certificate.
     */
    public final class CertificateInfo {
        private final X509Certificate certificate;

        private CertificateInfo(Certificate candidate) {
            this.certificate = candidate instanceof X509Certificate x509 ? x509 : null;
        }

        /**
         * Returns the subject distinguished name as produced by the principal's
         * {@code getName()}.
         *
         * @return the subject, or {@code null} for a non-X.509 certificate
         */
        public String getSubject() {
            return extract(cert -> cert.getSubjectX500Principal().getName());
        }

        /**
         * Returns the issuer distinguished name as produced by the principal's
         * {@code getName()}.
         *
         * @return the issuer, or {@code null} for a non-X.509 certificate
         */
        public String getIssuer() {
            return extract(cert -> cert.getIssuerX500Principal().getName());
        }

        /**
         * Returns the serial number in radix 16 as rendered by {@code BigInteger.toString(16)}:
         * lower case, without leading zeros or byte separators. Normalise before comparing it
         * with serials printed by other tools.
         *
         * @return the serial number, or {@code null} for a non-X.509 certificate
         */
        public String getSerialNumber() {
            return extract(cert -> cert.getSerialNumber().toString(16));
        }

        /**
         * Returns the X.509 version prefixed with {@code V}.
         *
         * @return the version label, or {@code null} for a non-X.509 certificate
         */
        public String getVersion() {
            return extract(cert -> "V" + cert.getVersion());
        }

        /**
         * Returns the name of the algorithm the certificate was signed with. Useful for
         * spotting certificates that still rely on deprecated signature algorithms.
         *
         * @return the algorithm name, or {@code null} for a non-X.509 certificate
         */
        public String getSignatureAlgorithmName() {
            return extract(X509Certificate::getSigAlgName);
        }

        /**
         * Returns the start of the validity period (notBefore).
         *
         * @return the instant, or {@code null} for a non-X.509 certificate
         */
        public Instant getValidityStarts() {
            return extract(cert -> cert.getNotBefore().toInstant());
        }

        /**
         * Returns the end of the validity period (notAfter).
         *
         * @return the instant, or {@code null} for a non-X.509 certificate
         */
        public Instant getValidityEnds() {
            return extract(cert -> cert.getNotAfter().toInstant());
        }

        /**
         * Assesses the certificate against the current time and the configured warning
         * threshold. This is a date check only; it says nothing about whether the certificate
         * chains to a trusted root or has been revoked.
         *
         * @return the assessment, or {@code null} for a non-X.509 certificate
         */
        public CertificateValidityInfo getValidity() {
            return extract(this::assessValidity);
        }

        /**
         * Classifies the certificate as valid, expiring soon, expired or not yet valid.
         */
        private CertificateValidityInfo assessValidity(X509Certificate cert) {
            Instant notBefore = getValidityStarts();
            Instant notAfter = getValidityEnds();
            Duration warningThreshold = SslInfo.this.certificateValidityWarningThreshold;
            try {
                cert.checkValidity();
            } catch (CertificateExpiredException ex) {
                return new CertificateValidityInfo(CertificateValidityInfo.Status.EXPIRED, "Not valid after %s", notAfter);
            } catch (CertificateNotYetValidException ex) {
                return new CertificateValidityInfo(CertificateValidityInfo.Status.NOT_YET_VALID, "Not valid before %s", notBefore);
            }
            if (isExpiringSoon(cert, warningThreshold)) {
                return new CertificateValidityInfo(CertificateValidityInfo.Status.WILL_EXPIRE_SOON, "Certificate will expire within threshold (%s) at %s", warningThreshold, notAfter);
            }
            return CertificateValidityInfo.VALID;
        }

        /**
         * Tells whether the certificate's notAfter falls before "now plus threshold".
         */
        private boolean isExpiringSoon(X509Certificate cert, Duration threshold) {
            Instant mustStillBeValidAt = Instant.now().plus(threshold);
            return mustStillBeValidAt.isAfter(cert.getNotAfter().toInstant());
        }

        /**
         * Applies the reader to the wrapped certificate when it is an X.509 certificate.
         *
         * @return the reader's result, or {@code null} when no X.509 certificate is held
         */
        private <R> R extract(Function<X509Certificate, R> reader) {
            return this.certificate != null ? reader.apply(this.certificate) : null;
        }
    }

    /**
     * Outcome of the date-based validity check of a certificate.
     */
    public static class CertificateValidityInfo {
        // Shared instance for the common "valid, nothing to report" outcome; it has no message.
        static final CertificateValidityInfo VALID = new CertificateValidityInfo(Status.VALID, null);
        private final Status status;
        private final String message;

        /**
         * Validity states. {@link #WILL_EXPIRE_SOON} still counts as valid, so alerting that
         * only looks at {@link #isValid()} will not notice a certificate approaching expiry.
         */
        public enum Status {
            VALID(true),
            NOT_YET_VALID(false),
            EXPIRED(false),
            WILL_EXPIRE_SOON(true);

            private final boolean valid;

            Status(boolean valid) {
                this.valid = valid;
            }

            /**
             * Tells whether a certificate in this state is inside its validity period.
             *
             * @return {@code true} for {@code VALID} and {@code WILL_EXPIRE_SOON}
             */
            public boolean isValid() {
                return this.valid;
            }
        }

        /**
         * Creates a validity result.
         *
         * @param status the validity state
         * @param str a format string for the message, or {@code null} for no message
         * @param objArr the arguments applied to the format string
         */
        CertificateValidityInfo(Status status, String str, Object... objArr) {
            this.status = status;
            if (str == null) {
                this.message = null;
            } else {
                this.message = str.formatted(objArr);
            }
        }

        /**
         * Returns the validity state.
         *
         * @return the status
         */
        public Status getStatus() {
            return this.status;
        }

        /**
         * Returns the explanation for the state.
         *
         * @return the message, or {@code null} when there is none
         */
        public String getMessage() {
            return this.message;
        }
    }

    /**
     * Creates the view.
     *
     * @param sslBundles the bundles whose key stores are described
     * @param duration the period before expiry during which a certificate is reported as
     * {@code WILL_EXPIRE_SOON}; it is dereferenced without a null check when validity is
     * evaluated
     */
    public SslInfo(SslBundles sslBundles, Duration duration) {
        this.sslBundles = sslBundles;
        this.certificateValidityWarningThreshold = duration;
    }

    /**
     * Describes every bundle known to the configured {@link SslBundles}. The key stores are
     * read again on each call, so the result reflects their state at call time.
     *
     * @return one {@link BundleInfo} per bundle name, as an unmodifiable list
     */
    public List<BundleInfo> getBundles() {
        return this.sslBundles.getBundleNames().stream()
                .map(bundleName -> new BundleInfo(bundleName, this.sslBundles.getBundle(bundleName)))
                .toList();
    }
}
